<?php
require("header.php");

/**
 * Prints the login form. The form posts the "email" and "password" fields
 * back to login.php.
 */
function display()
{
	// Joined with single spaces so the emitted markup stays on one line.
	$pieces = array(
		'<form action="login.php" method="post">',
		'Email:',
		'<input type="text" name="email" />',
		'<br>',
		'Password:',
		'<input type="password" name="password" />',
		'<input type="submit" />',
		'</form>',
	);
	echo implode(' ', $pieces);
}
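// Login handler: show the form when no email was posted; otherwise look the
// account up by email and compare the stored hash with the submitted password.
// The MySQL connection, the session and the `salt` constant are not set up in
// this file; presumably header.php (required above) provides them -- confirm.
// NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and removed in
// PHP 7. Moving this lookup to PDO or mysqli with a prepared statement is the
// durable fix, but it requires changing how the connection is opened as well.
if (empty($_POST["email"]))
{
	display();
}
else
{
	// Form fields can arrive as arrays (email[]=...); anything that is not a
	// string is treated as an empty value instead of being passed on.
	$temp = is_string($_POST['email']) ? $_POST['email'] : '';
	$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';

	$safe_temp = mysql_real_escape_string($temp);	//must always escape characters before calling a sql statement from user input
	$result = mysql_query("SELECT * FROM user WHERE user_email='$safe_temp'");

	// mysql_query() returns false on failure; do not hand that to mysql_fetch_array().
	$row = ($result !== false) ? mysql_fetch_array($result) : false;

	if (!empty($row["user_email"]))
	{
		// The password and salt are concatenated with ".". The previous "+" is
		// numeric addition in PHP, so the value hashed was a number taken from
		// the leading digits of the password, and passwords without leading
		// digits all produced the same hash.
		// NOTE(review): hashes stored with the old expression will no longer
		// match; the code that writes user_password (not visible here) must use
		// the same concatenation and affected accounts need a password reset.
		// NOTE(review): SHA-1 with one shared salt is a fast hash; migrating to
		// password_hash()/password_verify() is recommended.
		$expected = sha1($password . salt);

		// Strict comparison: "==" compares numeric-looking strings such as
		// "0e..." as numbers, so two different hashes could compare equal.
		if ($row["user_password"] === $expected)
		{
			// Issue a fresh session id on login so an id fixed before
			// authentication is not carried into the logged-in session.
			// Skipped when output has already started, because the new
			// cookie could no longer be sent.
			if (!headers_sent())
			{
				session_regenerate_id(true);
			}

			$_SESSION["user_email"] = $row["user_email"];
			$_SESSION["user_id"] = $row["user_id"];
			// NOTE(review): kept because other pages may read it, but the
			// password hash does not need to live in the session; consider
			// dropping it after checking the readers.
			$_SESSION["user_password"] = $row["user_password"];
			include 'index.php';
			exit;
		}
		else
		{
			// NOTE(review): this message differs from the 'invalid email'
			// one below, which tells a client whether an address is
			// registered; one generic message for both cases avoids that.
			echo 'invalid password';
			display();
		}
	}
	else
	{
		echo 'invalid email';
		display();
	}
}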

?>
<a href='index.php'>index</a>
<a href='register.php'>register</a>